Ring

Ring Android app delivers users’ personal information to four analytics and marketing companies

Ring Android app found to deliver users’ personal information to four analytics and marketing companies – Facebook, MixPanel, AppsFlyer, and Branch

An investigation by the Electronic Frontier Foundation (EFF) of the Ring doorbell app for Android found it to be packed with third-party trackers sending out a plethora of customers’ personally identifiable information (PII).

The EFF investigation found that Ring for Android v3.21.1 sends users’ personal information to four analytics and marketing companies: Facebook, Branch, AppsFlyer, and MixPanel.

Facebook receives alerts whenever the app is opened and upon app deactivation after screen lock due to inactivity. Even if the Ring user does not have a Facebook account, the social networking giant still receives information such as their time zone, device model, language preferences, as well as a unique identifier.

Branch receives a number of unique identifiers – device fingerprint id, hardware id, identity id – as well as your device’s local IP address, model, screen resolution, and DPI.

AppsFlyer receives a wide array of information upon app launch as well as certain user actions, such as interacting with the “Neighbors” section of the app. This information includes your mobile carrier, when Ring was installed and first launched, a number of unique identifiers, the app you installed from, and whether AppsFlyer tracking came preinstalled on the device.

AppsFlyer also receives the sensors installed on your device (on our test device, this included the magnetometer, gyroscope, and accelerometer) and current calibration settings.

MixPanel receives the most information by far. Users’ full names, email addresses, device information such as OS version and model, whether Bluetooth is enabled, and app settings such as the number of locations a user has Ring devices installed in, are all collected and reported to MixPanel.

MixPanel is briefly mentioned in Ring’s list of third-party services, but the extent of their data collection is not. None of the other trackers listed in this article are mentioned at all on this page.

The EFF said,

Our dynamic analysis was performed using mitmproxy running on an access point to intercept and analyze HTTPS flows from an Android test device.

To remove noise generated from other apps, we installed the AFWall+ firewall app and only allowed network traffic from Ring. mitmproxy generates a root x509 certificate which is to be installed in the OS-level certificate store in Android, allowing active interception to take place on otherwise secured traffic.

This led us to the initial discovery that the root certificate was not being accepted as valid, and that some form of certificate pinning was being employed by the app.
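
An added example, not EFF's tooling or code from the article: once HTTPS flows like those described above have been captured, an auditor can seed the test account with known values and search every decoded request body sent to the four recipients for them. The tracker domains, the field names and the sample flows are assumptions constructed for illustration, not real Ring traffic.

```python
import base64, json
from urllib.parse import parse_qs, urlencode

# Assumption: registrable domains of the four recipients named in the article.
TRACKERS = {"facebook.com": "Facebook", "branch.io": "Branch",
            "appsflyer.com": "AppsFlyer", "mixpanel.com": "MixPanel"}

def tracker_for(host):
    """Match the domain or a subdomain of it, never a lookalike suffix."""
    return next((n for d, n in TRACKERS.items() if host == d or host.endswith("." + d)), None)

def decode_body(ctype, body):
    """Parse a JSON or form body; unwrap base64-encoded JSON form values."""
    if "json" in ctype:
        return json.loads(body)
    fields = {k: v[0] for k, v in parse_qs(body).items()}
    for key, value in fields.items():
        try:
            fields[key] = json.loads(base64.b64decode(value, validate=True))
        except ValueError:  # not base64, or not JSON: keep the raw string
            pass
    return fields

def leaks(obj, seeds, path=""):
    """Yield (path, label) wherever a seeded test-account value appears."""
    if isinstance(obj, (dict, list)):
        items = obj.items() if isinstance(obj, dict) else enumerate(obj)
        for k, v in items:
            yield from leaks(v, seeds, f"{path}/{k}")
    else:
        text = str(obj).lower()
        yield from ((path, lbl) for lbl, val in seeds.items() if val.lower() in text)

def audit(flows, seeds):
    """Map tracker -> {seed label: payload path} over (host, type, body) flows."""
    report = {}
    for host, ctype, body in flows:
        if name := tracker_for(host):
            payload = decode_body(ctype, body)
            report.setdefault(name, {}).update((l, p) for p, l in leaks(payload, seeds))
    return report

# Constructed sample data: seeded account values and invented payload fields.
SEEDS = {"name": "Casey Tester", "email": "canary@example.test", "model": "Pixel 3"}
_EVENT = {"user": {"full_name": "Casey Tester", "mail": "Canary@example.test"}, "device": "Pixel 3"}
_B64 = base64.b64encode(json.dumps(_EVENT).encode())
FORM, JSON = "application/x-www-form-urlencoded", "application/json"
FLOWS = [("api.mixpanel.com", FORM, urlencode({"data": _B64})),
         ("graph.facebook.com", JSON, json.dumps({"tz": "UTC", "device": ["Pixel 3", "en_US"]})),
         ("notfacebook.com", JSON, json.dumps({"mail": "canary@example.test"}))]
```

Calling `audit(FLOWS, SEEDS)` returns, per recipient, which seeded value was found and the path inside the decoded payload where it appeared; the lookalike host is ignored.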